Hello Community, I have done some research and updated the design doc with additional info on the Authentication and Authorization for the Admin API. The highlights are
1. Different auth schemes including digest, x509 and IP will be supported 2. Supporting the SASL scheme is not in scope because the HTTP(s) protocol doesn’t support and work well with SASL. I would like to see if anyone has any feedback or input on the above. Thanks, Li On Wed, Sep 7, 2022 at 2:14 PM Li Wang <li4w...@gmail.com> wrote: > Thanks for the valuable feedback, Enrico! > > On Tue, Sep 6, 2022 at 11:52 PM Enrico Olivelli <eolive...@gmail.com> > wrote: > >> Li, >> I missed your message, sorry about that. >> >> I have added a comment on the GDoc. >> Overall I agree with the design. >> > > Thanks. I have responded to the two comments. > > >> >> I want to copy here a comment about the Admin API. >> We need to implement Authentication and Authorisation for the Admin API. >> I think that it should be a separate initiative, and we can put it as >> a pre-requisite to enable this feature. >> > > Opened a JIRA for it. > https://issues.apache.org/jira/browse/ZOOKEEPER-4612 > >> >> Looking forward to other comments, I hope that we can deliver this set >> of features for 3.9 >> > > I have started to work on the features. Will definitely target for 3.9. > Looking forward to more comments. > >> >> Thank you very much >> Enrico >> >> Il giorno lun 8 ago 2022 alle ore 07:09 Li Wang <li4w...@gmail.com> ha >> scritto: >> > >> > Hi Patrick and Enrico, >> > >> > Not sure if you get a chance to see the design. Any comments or inputs? >> > >> > Also hope people who have already worked in the areas can chime in, so >> we >> > can have a solution working for the community. >> > >> > Thanks, >> > >> > Li >> > >> > On Sun, Jul 31, 2022 at 9:31 PM Li Wang <li4w...@gmail.com> wrote: >> > >> > > Hello, >> > > >> > > Sorry it took a while to get back on this. Thanks Patrick for the >> > > suggestion. >> > > >> > > Here is the design doc on google doc. Anyone with the link should be >> able >> > > to comment on it. Looking forward to more comments and discussions. >> > > >> > > >> https://docs.google.com/document/d/1UHf07ZnPi_Kyos7-DRnANmkuhv1BILNGJanZkBv12WA/edit?usp=sharing >> > > >> > > Best, >> > > >> > > Li >> > > >> > > >> > > On Tue, Jul 12, 2022 at 5:52 PM Li Wang <li4w...@gmail.com> wrote: >> > > >> > >> Great suggestion, Patrck. I will create an online design doc to >> > >> facilitate discussions and capture feedback. >> > >> >> > >> Best, >> > >> >> > >> Li >> > >> >> > >> On Tue, Jul 12, 2022 at 8:30 AM Patrick Hunt <ph...@apache.org> >> wrote: >> > >> >> > >>> On Mon, Jul 11, 2022 at 9:23 PM Li Wang <li4w...@gmail.com> wrote: >> > >>> >> > >>> > Thanks for the inputs, Patrick. They are very valuable. >> > >>> > >> > >>> > I have similar thoughts on some of them as I worked on the >> feature. I >> > >>> will >> > >>> > respond to them in the JIRA ticket. >> > >>> > >> > >>> > >> > >>> sg. I noticed later on that the PR on gh has links to other >> reference >> > >>> material, etc... Perhaps you can update the JIRA to "link" to that >> > >>> material? EOD whatever material content is there, much of it should >> be >> > >>> added to the release docs. That said, having insight on eg a design >> > >>> doc/design decisions is also helpful for folks that want to dig >> deeper >> > >>> both >> > >>> during, and after, the feature lands. The JIRA ticket (epic?) is >> > >>> typically >> > >>> our central source for this, which is why I'm asking. I've found >> that >> > >>> having the design doc be a "living doc" (eg google docs during the >> > >>> initial >> > >>> stages of development) is also helpful wrt capturing feedback. I >> can do >> > >>> it >> > >>> through jira/email but it's hard to capture/reference context. This >> is a >> > >>> big feature set, otw I wouldn't mention. :-) >> > >>> >> > >>> Patrick >> > >>> >> > >>> >> > >>> > Bests, >> > >>> > >> > >>> > Li >> > >>> > >> > >>> > On Mon, Jul 11, 2022 at 11:08 AM Patrick Hunt <ph...@apache.org> >> > >>> wrote: >> > >>> > >> > >>> > > I think this could be a useful feature for folks. However it >> > >>> immediately >> > >>> > > raises a number of concerns if we want to ship it as a >> "mainline" >> > >>> > feature, >> > >>> > > I briefly started capturing here: >> > >>> > > >> > >>> > > >> > >>> > >> > >>> >> https://issues.apache.org/jira/browse/ZOOKEEPER-4570?focusedCommentId=17565127&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17565127 >> > >>> > > >> > >>> > > Patrick >> > >>> > > >> > >>> > > On Mon, Jul 11, 2022 at 10:48 AM Li Wang <li4w...@gmail.com> >> wrote: >> > >>> > > >> > >>> > > > Thanks Enrico for the feedback. This is awesome! Looking >> forward to >> > >>> > more >> > >>> > > > comments and discussions, so we can have a solution from and >> for >> > >>> > > > the community. >> > >>> > > > >> > >>> > > > Best, >> > >>> > > > >> > >>> > > > Li >> > >>> > > > On Sun, Jul 10, 2022 at 10:46 PM Enrico Olivelli < >> > >>> eolive...@gmail.com> >> > >>> > > > wrote: >> > >>> > > > >> > >>> > > > > Li, >> > >>> > > > > >> > >>> > > > > Il Lun 11 Lug 2022, 06:58 Li Wang <li4w...@gmail.com> ha >> > >>> scritto: >> > >>> > > > > >> > >>> > > > > > Hello, >> > >>> > > > > > >> > >>> > > > > > We are working on on-demand backup and restore with >> streaming >> > >>> > > > capability, >> > >>> > > > > > so different databases such as zookeeper and etcd can be >> > >>> backed up >> > >>> > > and >> > >>> > > > > > restored via a generic external management platform. We >> would >> > >>> like >> > >>> > > to >> > >>> > > > > > contribute it to the community to benefit more users. >> > >>> > > > > > >> > >>> > > > > >> > >>> > > > > This is great. >> > >>> > > > > I am following your work. >> > >>> > > > > >> > >>> > > > >> > >>> > > > >> > >>> > > > > >> > >>> > > > > I hope that people who already worked on similar proposals >> can >> > >>> chime >> > >>> > > in, >> > >>> > > > > this way we can make it a community work >> > >>> > > > > >> > >>> > > > > Thanks >> > >>> > > > > >> > >>> > > > > Enrico >> > >>> > > > > >> > >>> > > > > >> > >>> > > > > > I noticed that some great work has been done in the >> backup and >> > >>> > > restore >> > >>> > > > > > area, specifically the following open PRs are very >> interesting. >> > >>> > > > > > >> > >>> > > > > > 1. ZOOKEEPER-3499:Add a complete backup mechanism for >> zookeeper >> > >>> > > > > > internal(admin server way) #1044 ( >> > >>> > > > > > https://github.com/apache/zookeeper/pull/1044) >> > >>> > > > > > >> > >>> > > > > > 2. Add backup and restore with timetable #1883 ( >> > >>> > > > > > https://github.com/apache/zookeeper/pull/1883) >> > >>> > > > > > >> > >>> > > > > > Instead of building another variant solution, I would >> like to >> > >>> see >> > >>> > if >> > >>> > > we >> > >>> > > > > can >> > >>> > > > > > work together, combine different solutions and provide a >> > >>> generic >> > >>> > one >> > >>> > > > that >> > >>> > > > > > supports different use cases. >> > >>> > > > > > >> > >>> > > > > > To facilitate the discussion, I opened the following two >> JIRA >> > >>> > tickets >> > >>> > > > for >> > >>> > > > > > our use case. I would appreciate it if you could provide >> > >>> inputs or >> > >>> > > > > > comments. >> > >>> > > > > > >> > >>> > > > > > https://issues.apache.org/jira/browse/ZOOKEEPER-4570 >> > >>> > > > > > https://issues.apache.org/jira/browse/ZOOKEEPER-4571 >> > >>> > > > > > >> > >>> > > > > > Best, >> > >>> > > > > > >> > >>> > > > > > Li >> > >>> > > > > > >> > >>> > > > > >> > >>> > > > >> > >>> > > >> > >>> > >> > >>> >> > >> >> >
